Re: Multi-recipient security hole?


RFC 1115 states that the DEK being encrypted is padded with pseudorandom,
non-zero bytes.  I interpret this as meaning each Key-Info field is padded
with a different pseudorandom byte string, so the block being encrypted
under RSA is different for each recipient.
 
PKCS #1 states this a little more strongly:  "... it is recommended that
the pseudorandom octets be generated independently for each encryption
process, especially if the same data is input to more than one encryption
process."
 
 
Regards,
Rich

<Prev in Thread]	Current Thread	[Next in Thread>
Multi-recipient security hole?, Marc . Ringuette Multi-recipient security hole?, Jeffrey I. Schiller Re: Multi-recipient security hole?, Mike Roe Re: Multi-recipient security hole?, Richard . Ankney <= Re: Multi-recipient security hole?, David M. Balenson Re: Multi-recipient security hole?, Markus Mueller Re: Multi-recipient security hole?, David M. Balenson

Previous by Date:	Multi-recipient security hole?, Jeffrey I. Schiller
Next by Date:	Re: Multi-recipient security hole?, Mike Roe
Previous by Thread:	Re: Multi-recipient security hole?, Mike Roe
Next by Thread:	Re: Multi-recipient security hole?, David M. Balenson
Indexes:	[Date] [Thread] [Top] [All Lists]